Skip to content

Latest commit

 

History

History
29 lines (22 loc) · 1.45 KB

README.md

File metadata and controls

29 lines (22 loc) · 1.45 KB

WLSDECRYPTER

Oracle WebLogic has stored all of it's password in AES cryptstrings. As expected, these are reversible if the key is known. And given a Weblogic installation, it is, in the SerializedSystemIni.dat file.

This script will attempt to parse all of the WebLogic configuration files, decrypting every password it can find showing the configuration file and location of the ciphertext.

wlst.sh wlsdecryptor.py /data/domains/mydomain
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Cryptstring found in: /data/domains/mydomain/./config/config.xml
Encrypted string found at line number 18
Config element: wls:credential-encrypted
{AES}W64IgZrucaEhvfecSYaLW64IgZrucaEhvfecSYaL=
Decrypted to:
welcome123

...

Parsing boot.properties: /data/domains/mydomain/./config/../servers/AdminServer/security/boot.properties
WebLogic Admin username: weblogic
WebLogic Admin password: welcome1

Note that this is a WebLogic scripting tool script, not pure python, using the wlst.sh shell script often found in the oracle_common directory of a Weblogic installation directory.

Output considerations

With the above output, you should be able to figure out which username matches the cleartext password. I took the quick route by parsing the configuration files using Sax. When asked nicely, I might refactor and use a real parser, matching actual usernames to passwords.